One embodiment of the present invention provides a system for verifying type safety of an application snapshot. This application snapshot includes a state of an executing program that is moved from a first computing device to a second computing device across a network in order to continue execution on the second computing device. The system operates by receiving the application snapshot from the first computing device on the second computing device, wherein the application snapshot includes a subprogram, an operand stack, and a point of execution. The system then examines the application snapshot to identify one or more subprograms and the point of execution within the subprograms. Next, the system examines the subprogram to determine an expected structure of the operand stack at the point of execution. After the expected structure of the operand stack has been determined, the system verifies that the state of the application snapshot on the second computing device does not violate type safety in the sense of a platform-independent programming language. Execution of the application snapshot is resumed on the second computing device if the verification does not fail.
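The check described above, as an added example that is not taken from the patent or from any implementation of it. It models a toy stack machine: the opcodes, the slot sizes, the sample subprogram and the snapshot fields pc, stack and slots are all assumptions made for illustration. The code derives the expected operand-stack layout at each point of execution and accepts a received snapshot only when its entry types and collective size agree with that layout.

```python
# Toy stack machine, constructed for illustration (not a real JVM instruction set).
SLOTS = {"int": 1, "long": 2, "ref": 1}   # entry size in operand-stack slots
# opcode -> (types popped, topmost last; types pushed)
EFFECT = {"iconst": ((), ("int",)), "lconst": ((), ("long",)),
          "iadd": (("int", "int"), ("int",)), "l2i": (("long",), ("int",)),
          "ifeq": (("int",), ()), "goto": ((), ()), "ireturn": (("int",), ())}
PROGRAM = [("iconst",), ("lconst",), ("l2i",), ("iadd",), ("ifeq", 0),
           ("iconst",), ("ireturn",)]     # constructed sample subprogram

class VerifyError(Exception):
    pass

def slot_count(types):
    return sum(SLOTS[t] for t in types)

def expected_stacks(code, max_slots):
    """Abstract interpretation: operand-stack type layout at each reachable pc."""
    seen, work = {}, [(0, ())]
    while work:
        pc, stack = work.pop()
        if not 0 <= pc < len(code):
            raise VerifyError(f"control flow leaves subprogram at {pc}")
        if pc in seen:
            if seen[pc] != stack:
                raise VerifyError(f"inconsistent stack at merge point {pc}")
            continue
        seen[pc] = stack
        op, *arg = code[pc]
        pops, pushes = EFFECT[op]
        keep = len(stack) - len(pops)
        if keep < 0 or stack[keep:] != pops:
            raise VerifyError(f"underflow or wrong operand type at {pc}")
        after = stack[:keep] + pushes
        if slot_count(after) > max_slots:
            raise VerifyError(f"overflow at {pc}")
        if op in ("goto", "ifeq"):
            work.append((arg[0], after))
        if op not in ("goto", "ireturn"):
            work.append((pc + 1, after))
    return seen

def validate_snapshot(code, max_slots, snap):
    """Accept a snapshot only if its stack matches the expected types and size."""
    try:
        expected = expected_stacks(code, max_slots).get(snap["pc"])
    except VerifyError:
        return False
    got = tuple(tag for tag, _value in snap["stack"])
    return (expected is not None and got == expected
            and snap["slots"] == slot_count(expected))
```

A snapshot whose point of execution is unreachable, or whose subprogram itself fails verification, is rejected before any stack comparison takes place.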
Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for verifying type safety of an application snapshot, the application snapshot including a state of an executing program that is moved from a first computing device to a second computing device across a network in order to continue execution on the second computing device, the method comprising: receiving the application snapshot of the executing program from the first computing device on the second computing device, wherein the application snapshot includes a subprogram, an operand stack, and a point of execution; wherein the operand stack contains operands currently being operated on by the executing subprogram; examining the application snapshot on the second computing device to identify the subprogram being executed and the point of execution within the subprogram; examining the subprogram on the second computing device to determine an expected structure of the operand stack at the point of execution; validating that the state of the application snapshot on the second computing device is consistent with the expected structure of the operand stack; verifying on the second computing device that variables and arguments within the application snapshot are of the proper type; and if the state of the application snapshot is validated as consistent with the expected structure of the operand stack, resuming execution of the application snapshot on the second computing device at the point of execution on the first computing device; wherein the expected structure of the operand stack includes a collective size of entries and the types of entries expected on the operand stack at the point of execution within the subprogram; and wherein validating that the state of the application snapshot on the second computing device is consistent with the expected structure of the operand stack involves ensuring that the collective size of entries and the types of entries on the operand stack agree with the collective size of entries and the types of entries expected on the operand stack.
2. The method of claim 1, wherein examining the subprogram to determine the expected structure of the operand stack at the point of execution involves examining the subprogram with a code verifier, wherein the code verifier ensures that: the subprogram does not cause the operand stack to overflow and underflow; a use of a local variable does not violate type safety; and an argument of an instruction is of an expected type.
3. The method of claim 1, wherein the operand stack contains at least one local variable, at least one argument that is passed as a parameter to the subprogram, and an offset to the point of execution within the subprogram.
4. The method of claim 1, wherein resuming execution of the application snapshot involves restarting the subprogram at the point of execution within the second computing device.
5. The method of claim 1, further comprising restoring the state of an object within the application snapshot on the second computing device by changing a pointer from an address of the object on the first computing device to an address of the object on the second computing device.
6. A computer-readable storage medium storing instructions that when executed by a computer causes the computer to perform a method for verifying type safety of an application snapshot, the application snapshot including a state of an executing program that is moved from a first computing device to a second computing device across a network in order to continue execution on the second computing device, the method comprising: receiving the application snapshot of the executing program from the first computing device on the second computing device, wherein the application snapshot includes a subprogram, an operand stack, and a point of execution; examining the application snapshot on the second computing device to identify the subprogram being executed and the point of execution within the subprogram; wherein the operand stack contains operands currently being operated on by the executing subprogram; examining the subprogram on the second computing device to determine an expected structure of the operand stack at the point of execution; validating that the state of the application snapshot on the second computing device is consistent with the expected structure of the operand stack; verifying on the second computing device that variables and arguments within the application snapshot are of the proper type; and if the state of the application snapshot is validated as consistent with the expected structure of the operand stack, resuming execution of the application snapshot on the second computing device at the point of execution from the first computing device; wherein the expected structure of the operand stack includes a collective size of entries and the types of entries expected on the operand stack at the point of execution within the subprogram; and wherein validating that the state of the application snapshot on the second computing device is consistent with the expected structure of the operand stack involves ensuring that the collective size of entries and the types of entries on the operand stack agree with the collective size of entries and the types of entries expected on the operand stack.
7. The computer-readable storage medium of claim 6, wherein examining the subprogram to determine the expected structure of the operand stack at the point of execution involves examining the subprogram with a code verifier, wherein the code verifier ensures that: the subprogram does not cause the operand stack to overflow and underflow; a use of a local variable does not violate type safety; and an argument of an instruction is of an expected type.
8. The computer-readable storage medium of claim 6, wherein the operand stack contains at least one local variable, at least one argument that is passed as a parameter to the subprogram, and an offset to the point of execution within the subprogram.
9. The computer-readable storage medium of claim 6, wherein resuming execution of the application snapshot involves restarting the subprogram at the point of execution within the second computing device.
10. The computer-readable storage medium of claim 6, further comprising restoring the state of an object within the application snapshot on the second computing device by changing a pointer from an address of the object on the first computing device to an address of the object on the second computing device.
11. An apparatus that facilitates verifying type safety of an application snapshot, the application snapshot including a state of an executing program that is moved from a first computing device to a second computing device across a network in order to continue execution on the second computing device, comprising: a receiving mechanism that is configured to receive the application snapshot of the executing program from the first computing device on the second computing device, wherein the application snapshot includes a subprogram, an operand stack, and a point of execution; wherein the operand stack contains operands currently being operated on by the executing subprogram; an examination mechanism that is configured to examine the application snapshot on the second computing device to identify the subprogram being executed and the point of execution within the subprogram wherein, the examination mechanism is configured to also examine the subprogram to determine an expected structure of the operand stack at the point of execution; a validation mechanism that is configured to validate that the state of the application snapshot on the second computing device is consistent with the expected structure of the operand stack; a verifying mechanism configured to verify on the second computing device that variables and arguments within the application snapshot are of the proper type; and an execution mechanism that is configured to resume execution of the application snapshot on the second computing device at the point of execution from the first computing device if the state of the application snapshot is validated as consistent with the expected structure of the operand stack; wherein the expected structure of the operand stack includes a collective size of entries and the types of entries expected on the operand stack at the point of execution within the subprogram; and wherein validating that the state of the application snapshot on the second computing device is consistent with the expected structure of the operand stack involves ensuring that the collective size of entries and the types of entries on the operand stack agree with the collective size of entries and the types of entries expected on the operand stack.
12. The apparatus of claim 11, wherein the examination mechanism includes a code verifier, wherein the code verifier is configured to ensure that: the subprogram does not cause the operand stack to overflow and underflow; a use of a local variable does not violate type safety; and an argument of an instruction is of an expected type.
13. The apparatus of claim 11, wherein the operand stack contains at least one local variable, at least one argument that is passed as a parameter to the subprogram, and an offset to the point of execution within the subprogram.
14. The apparatus of claim 11, wherein in resuming execution of the application snapshot, the execution mechanism is configured to restart the subprogram at the point of execution within the second computing device.
15. The apparatus of claim 11, further comprising an object restoring mechanism that is configured to restore the state of an object within the application snapshot on the second computing device by changing a pointer from an address of the object on the first computing device to an address of the object on the second computing device.
September 28, 2000
January 31, 2006